Brocade Fabric OS v7.1.2a Release Notes v1.0
overwritten. For the same reason, the “Key Life” field in the output of “cryptocfg --show -container -all
–stat” should always be ignored, and the “Key life” field in “cryptocfg --show –tapepool –cfg” is only
significant for native-encrypted pools.
• The Quorum Authentication feature requires a compatible DCFM or Brocade Network Advisor release
(DCFM 10.3 or later for pre-FOS v7.0 and Network Advisor 11.1 or later for FOS v7.0 or later) that
supports this feature. Note, all nodes in the EG must be running FOS v6.3.0 or later for quorum
authentication to be properly supported.
• The System Card feature requires a compatible DCFM or Brocade Network Advisor release (DCFM
10.3 or later for pre-FOS v7.0 and Network Advisor 11.1 or later for FOS v7.0 or later) that supports
this feature. Note, all nodes in the EG must be running FOS v6.3.0 or later for system verification to
be properly supported.
• The Brocade Encryption switch and FS8-18 blade do not support QoS. When using encryption or
Frame Redirection, participating flows should not be included in QoS Zones.
• HP SKM & ESKM are supported with Multiple Nodes and Dual SKM/ESKM Key Vaults. Two-way
certificate exchange is supported. Please refer to the Encryption Admin Guide for configuration
information. If using dual SKMs or ESKMs on BES/FS8-18 Encryption Group, then these SKM / ESKM
Appliances must be clustered. Failure to cluster will result in key creation failure. Otherwise, register
only one SKM / ESKM on the BES/FS8-18 Encryption Group.
• FOS 7.1.0 will use SHA256 signatures for the TLS certificates, used to connect to the ESKM 3.0 Server
using ESKM 2.0 client. Upgrade from FOS versions (6.4.x/7.0.x) to FOS 7.1.0 and downgrade from
FOS 7.1.0 to FOS versions (6.4.x/7.0.x) would require regeneration and re-registration of CA and
signed KAC certificates to restore connectivity to the key vault. Please refer to Encryption AG for more
details on ESKM/FOS compatibility matrix
• The RSA DPM Appliance SW v3.2 is supported. The procedure for setting up the DPM Appliance with
BES or a DCX/DCX-4S/DCX 8510 with FS8-18 blades is located in the Encryption Admin Guide.
• Before upgrading from FOS versions (6.4.x/7.0.x) to FOS7.1.0, it is required that the RKM server
running SW v2.7.1.1 should be upgraded to DPM server running SW v3.2. Please refer to DPM/FOS
compatibility matrix in the Encryption AG for more details.
• Support for registering a 2nd DPM Appliance on BES/FS8-18 is blocked. If the DPM Appliances are
clustered, then the virtual IP address hosted by a 3rd party IP load balancer for the DPM Cluster must
be registered on BES/FS8-18 in the primary slot for Key Vault IP.
• With Windows and Veritas Volume Manager/Veritas Dynamic Multipathing, when LUN sizes less than
400MB are presented to BES for encryption, a host panic may occur and this configuration is not
supported in the FOS v6.3.1 or later release.
• Hot Code Load from FOS v6.4.1a to FOS v7.0 or later is supported. Cryptographic operations and I/O
will be disrupted but other layer 2 FC traffic will not be disrupted.
• When disk and tape CTCs are hosted on the same encryption engine, re-keying cannot be done while
tape backup or restore operations are running. Re-keying operations must be scheduled at a time that
does not conflict with normal tape I/O operations. The LUNs should not be configured with auto rekey
option when single EE has disk and tape CTCs.
• Gatekeeper LUNs used by SYMAPI on the host for configuring SRDF/TF using in-band management
must be added to their containers with LUN state as “cleartext”, encryption policy as “cleartext” and
without “-newLUN” option.
• FOS 7.1.0 introduces support for “disk device decommissioning” to following key vault types: ESKM,
TEKA, TKLM and KMIP. To use disk device decommissioning feature for these KVs, all the nodes in the
encryption group must be running FOS v7.1.0 or later. Firmware downgrade will be prevented from
FOS v7.1.0 to a lower version if this feature is in use. Disk Device decommissioning for DPM and LKM
key vaults will continue to work as with previous firmware versions.
Fabric OS v7.1.2a Release Notes v1.0 Page 24 of 38